In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow.
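
Added illustration of the bug class described above, not code from libpng or from this advisory: the message text, the 32-byte buffer and both function names are constructed for the example. It measures how many bytes a formatted error message needs and formats it with an explicit bound, so a message two bytes longer than its stack buffer is truncated and reported instead of being written past the end.

```c
#include <stdio.h>
#include <string.h>

/* Constructed values for illustration; not libpng's message or buffer size. */
#define MSG_FMT     "Decompression error in %s chunk"
#define MSG_BUF_LEN 32

/* Bytes the formatted message needs, including the terminating NUL. */
size_t msg_bytes_needed(const char *chunk_name)
{
    /* With a NULL destination and size 0, snprintf only measures (C99). */
    int n = snprintf(NULL, 0, MSG_FMT, chunk_name);
    return n < 0 ? 0 : (size_t)n + 1;
}

/*
 * Unbounded pattern (shown only as a comment, never executed):
 *     char msg[MSG_BUF_LEN];
 *     sprintf(msg, MSG_FMT, chunk_name);
 * sprintf() has no idea how large msg[] is, so every byte past
 * MSG_BUF_LEN lands in whatever follows msg[] on the stack.
 */

/*
 * Bounded form. Returns 0 if the whole message fit, -1 if it was
 * truncated or the arguments were invalid. On truncation dst still holds
 * a NUL-terminated prefix, so it remains safe to log.
 */
int format_chunk_error(char *dst, size_t dstlen, const char *chunk_name)
{
    int n;

    if (dst == NULL || dstlen == 0 || chunk_name == NULL)
        return -1;
    n = snprintf(dst, dstlen, MSG_FMT, chunk_name);
    if (n < 0 || (size_t)n >= dstlen)
        return -1;
    return 0;
}

int main(void)
{
    char msg[MSG_BUF_LEN];
    const char *name = "zTXt"; /* a four-character PNG chunk type */
    printf("need %zu bytes, have %zu\n", msg_bytes_needed(name), sizeof msg);
    if (format_chunk_error(msg, sizeof msg, name) != 0)
        printf("truncated to: \"%s\"\n", msg);
    return 0;
}
```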

Impact
======

By enticing a user to load a maliciously crafted PNG image, an attacker could execute arbitrary code with the rights of the user, or crash the application using the libpng library, such as the emul-linux-x86-baselibs.

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200607-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.